New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

even you enable secrity .trusted_dir can be bypassed #486

xqc2000 opened this Issue Sep 5, 2018 · 3 comments


None yet
3 participants

xqc2000 commented Sep 5, 2018

if you enable secrity .$trusted_dir is an array of all directories that are considered trusted. Trusted directories are where you keep php scripts that are executed directly from the templates . the attackers can use ../ to bypass the dir ,if they can editing the templates, they read any file they want. just use {include "file:./../../../../../etc/passwd"}


This comment has been minimized.


uwetews commented Sep 6, 2018

This bug has already been fixed in the master branch since 3.1.33-dev-4

@uwetews uwetews closed this Sep 6, 2018


This comment has been minimized.

carnil commented Sep 12, 2018

This issue got CVE-2018-16831 assigned.


This comment has been minimized.


uwetews commented Sep 12, 2018

Version 3.1.33 covering the issue has just been released.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment